Vulnerability Details CVE-2020-15809
spxmanage on certain SpinetiX devices allows requests that access unintended resources because of SSRF and Path Traversal. This affects HMP350, HMP300, and DiVA through 4.5.2-1.0.36229; HMP400 and HMP400W through 4.5.2-1.0.2-1eb2ffbd; and DSOS through 4.5.2-1.0.2-1eb2ffbd.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.3%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
Products affected by CVE-2020-15809
- cpe:2.3:h:spinetix:diva:-
- cpe:2.3:h:spinetix:hmp300:-
- cpe:2.3:h:spinetix:hmp350:-
- cpe:2.3:h:spinetix:hmp400:-
- cpe:2.3:h:spinetix:hmp400w:-
- cpe:2.3:o:spinetix:diva_firmware:-
- cpe:2.3:o:spinetix:diva_firmware:4.5.2-1.0.36229
- cpe:2.3:o:spinetix:dsos:-
- cpe:2.3:o:spinetix:dsos:4.5.2-1.0.2-1eb2ffbd
- cpe:2.3:o:spinetix:hmp300_firmware:-
- cpe:2.3:o:spinetix:hmp300_firmware:4.5.2-1.0.36229
- cpe:2.3:o:spinetix:hmp350_firmware:-
- cpe:2.3:o:spinetix:hmp350_firmware:4.5.2-1.0.36229
- cpe:2.3:o:spinetix:hmp400_firmware:-
- cpe:2.3:o:spinetix:hmp400_firmware:4.5.2-1.0.2-1eb2ffbd
- cpe:2.3:o:spinetix:hmp400w_firmware:-
- cpe:2.3:o:spinetix:hmp400w_firmware:4.5.2-1.0.2-1eb2ffbd